What is crypto spyware

- 15 minute read

Paul Hopmans
Crypto Expert

Spyware is a piece of software that is installed on a computer without the victim's knowledge. This spy is then able to record what you will do on your computer so that the software can perform what it was created to do.

Crypto spyware comes in many forms and is installed on your computer in very different ways. In this article we will show you how it works, the dangers you face and what you can do about it.

What is crypto spyware
  • Crypto spyware almost always gets on your computer through your own actions, prompted by tricks from the spyware creators, such as phishing, scare tactics or trojans
  • The most common way spyware gets on your computer is by opening attachments in your emails, as well as clicking on advertisements, visiting untrustworthy sites, browser extensions and not downloading updates to software that plug security holes
  • Never leave large sums of money in places that only require a name and password to log in, because keyloggers can record everything you type
  • Hardware wallets and the Anycoin Direct Vault are the best protection against hacking, but you still have to be careful when trading
  • Crypto spyware comes in many forms, such as cryptojacking and drive by cryptomining where you mine for others, malvertising that installs viruses and trojans to take important data from your system and use it against you, and the well-known ransomware, where you only get data back if you pay a ransom
  • Known crypto spyware is able to mine Monero for others, show fake dialog boxes to get your login credentials and 2FA codes, set up fake crypto websites, change receiving wallet addresses and infect advertisements
  • If you suspect that you have crypto spyware on your computer, you may notice it from a slow computer that sits and rattles even when you are not doing anything on it, as well as from the connections in Network Manager and from the startup programs
  • There are some general guidelines to avoid getting crypto spyware on your computer, but once it's there it's often hard to get rid of and there's nothing to do but reinstall your operating system

Content

  1. How does spyware get on your computer?
  2. Preventative measures against spyware
  3. Protecting crypto against spyware
  4. What forms of crypto spyware are there?
  5. Known crypto spyware
  6. How do you know if your computer has spyware?
  7. General guidelines against spyware once again

How does spyware get on your computer?

Virtually all spyware is put on your computer because you authorized it or downloaded it yourself. I readily admit that it is often very sneaky, but in many cases there are ways to prevent this.

A lot of spyware uses well-known techniques that are proven to work. For example, scare tactics are very effective, as are posing as a popular program or Web site, capitalizing on greed and arousing your curiosity. The idea is that you will click on something, causing the little program to install itself on your computer.

Preventative measures against spyware

In your daily use of your computer, you encounter all kinds of things. You open emails, you surf the Internet and you open specific websites. With every click you could potentially download spyware. But how do you know what to click and what not to click? There are general guidelines for that.

  • E-mail addresses. When you get an e-mail, pay close attention to the sender. If the sender has an odd e-mail address and the subject is sensitive (for example, bank information or crypto websites), be very careful. For example, an email from googleadvertisingcampaign@trick.uk is suspicious, because the address is clearly made to reassure people with the reference to Google. Oh, it comes from Google, people think, but it doesn't. Another form is an address that contains typos, which is called typosquatting. A mail from John@Gogle.com looks a lot like an email from Google, but it says Gogle. Only open emails if you don't think the address is suspicious. By the way, spyware is almost always hidden in an attachment, so a peek doesn't necessarily mean anything yet.
  • Email content. You will quite often come across senders who want to scare you: if you don't do this within 5 days, that is what happens. These are almost exclusively spyware and phishing mails, although there are some that are just trying to extort money from you. If it seems genuine, call the company in question with the phone number from their official website and check it out. Another trick is curiosity or greed. You were selected from X people and you won X. Look in the attachment (which contains the spyware) to see what to do. An email that comes from a website that everyone knows is suspicious in advance. Why would Google or Amazon send you a mail personally? And why is there an attachment with it? Any attachment is suspicious in advance, so be careful about opening it. If they ask you for login information, this is almost certainly a scam.
  • Clicking on advertisements. You're probably not a fan of them, and neither am I, but still, at some point you may be tempted by a text like, "Click here and receive an airdrop of coin X" or something. Any advertisement can secretly install spyware if you click on it.
  • Visiting odd sites. If you visit a Web site whose name looks a lot like a familiar one, you have to be careful anyway. Amozon.com or Twiter.com may well be a site created to make you click on anything, installing spyware. Sites that promise you golden mountains should also be distrusted. Sites that do not have HTTPS in the address are also best avoided. If you don't trust a link, such as a shortened version of a longer link from YouTube or the like, don't open it. Only download software from highly trusted and well-known sites, such as Samsung or Apple's App Stores.
  • Browser extensions. Adding a piece of software to your browser can add additional spyware to your system. Install only the most necessary extensions, such as an adblocker or a software wallet such as MetaMask, and then only from the official website.
  • Drive-by crypto mining. You name it, someone has thought it up. Move the mouse five times to the left and there's a horse in the hallway, that sort of thing! Once upon a time, drive-by crypto mining started as a legitimate way to mine crypto. You went to the website of a non-profit organization like UNICEF and during your visit unused resources were used to mine crypto for this organization as an alternative to advertising. All it took was a little JavaScript code. As soon as you closed the website, the site stopped using your resources. Later this script was used to infect computers with a sneaky pop-under in your browser that you couldn't see. As long as you don't notice this and do nothing about it, your computer just keeps mining for the scammers every time you open the browser. Hacked websites can put this on your computer just because you visit them. You can avoid this by turning off JavaScript in your browser or by downloading a program that blocks mining on your computer.
  • Always make sure you have the latest version of your important programs, such as operating system, mail program and browsers.
  • Use an antivirus and antimalware program.
  • Use a known adblocker.
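
The sender checks from the list above (a typosquatted domain such as Gogle.com, or a brand name placed in front of an unrelated domain such as trick.uk) can be automated. The following Python is an added example, not code from the original article; the allow-list `TRUSTED`, the function names and the result labels are assumptions made for this illustration.

```python
# Added example: flag look-alike sender domains and brand names on unrelated domains.
# TRUSTED is an assumed allow-list; replace it with the services you actually use.
TRUSTED = ("google.com", "amazon.com", "twitter.com")


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters swapped ("goolge") count as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Classify a sender address against the allow-list."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        return "invalid"
    # Exact match or a real subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted-domain"
    # Simplification: the last two labels stand in for the registered domain,
    # which is wrong for multi-part suffixes such as co.uk.
    base = ".".join(domain.split(".")[-2:])
    for t in TRUSTED:
        if 0 < edit_distance(base, t) <= 2:
            return f"lookalike-of:{t}"
    # Brand name used as bait in the local part or in a longer host name.
    for t in TRUSTED:
        brand = t.split(".")[0]
        if brand in local or brand in domain:
            return f"brand-name-on-unrelated-domain:{brand}"
    return "unknown"


# Sample senders: the first two come from the article, the rest are constructed.
SAMPLES = [
    "googleadvertisingcampaign@trick.uk",
    "John@Gogle.com",
    "orders@amozon.com",
    "news@twiter.com",
    "alerts@accounts.google.com",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{sender:40} {classify_sender(sender)}")
```

A "trusted-domain" result only says the address is spelled correctly; sender addresses can be forged, so the advice about attachments still applies.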

Protecting crypto against spyware

Spyware can contain all sorts of things, and if your computer is hacked, all sorts of nasty things can happen. If you store your cryptocurrency somewhere online it may also get lost.

For example, a hacker can use keyloggers. These are programs that send everything you type on your keyboard directly to the robber. It's like someone is recording you while you enter your login credentials.

Software wallets and spyware

With all kinds of sites this doesn't matter much, but when it comes to your crypto it does. So if you only use a username and password to log in to access your crypto, the hacker can do the same and then he can steal all your coins you have there. This is for example the case with a software wallet like MetaMask or Trust Wallet. So don't leave too large amounts on there, because it can always happen sometime.

Hardware wallets and the Anycoin Direct Vault

If you store coins on a hardware wallet, nothing can happen to them, as they are offline. In all other cases, you need to be aware of the risks and will need to make sure that you have 2FA enabled, because only you know the code that is in your Google Authenticator or Authy. Also, don't forget to keep your seed phrases and other important keys offline in a notebook. That way you can still access your coins if you have to reinstall the entire system if you are hacked.

Anycoin Direct has found a solution to that in the Vault. So your coins at Anycoin Direct cannot be hacked. You can keep all your coins safe on our site because we hold your coins 1 on 1 through an external third party, allowing our users to access their coins in all cases. In the extreme case of a hack, funds held in the Vault can only be disbursed to the owner's IBAN account, as specified. This makes a hack at Anycoin Direct meaningless, as nothing can be stolen.

What forms of crypto spyware are there?

Large amounts of spyware have been concocted over time to part Internet users who engage in crypto from their funds or to pester them with other tricks. One program targets your RAM, the next your GPU and yet another preys on your coins. We will discuss a few of them.

Cryptojacking

This form of spyware uses all kinds of resources from an infected computer to mine cryptocurrency for scammers. Usually this spyware gets on your computer by downloading through a browser or mobile app, but it can also come from an email. It can infect virtually any memory-enabled device, such as your desktop, laptop, smartphone or even an entire organization via a network server. The software is designed to normally remain hidden from the user.

Stealing computer time

Mining Proof of Work coins has become increasingly difficult and expensive over time and often not even profitable for the miner. Well, we'll just let other people mine for us, then it won't cost me anything! All those computers together then provide enough hashing power to compete with miners who do have expensive mining rigs at home and high energy costs.

Cryptojacking uses a lot of the available resources of your computer or cell phone. On an infected device, however, it is hard to detect because the software is clever. As soon as you go to see which programs are open, it hides. It also hides its resource usage. Sometimes it even turns itself off temporarily to avoid detection.

Detecting cryptojacking

It is still possible to detect them anyway, but you will have to do that with logic. If your computer suddenly becomes very slow, there must be a reason for that. If your computer is rattling like crazy while you're not doing anything on it, there must be a program running that is consuming a lot of computing power. If you suddenly get a much higher energy bill, this may also indicate hidden mining. And finally, you may notice that your hardware is getting very hot and your fans are working overtime while you are watching television. So what is that thing doing? If you can't find it in your task manager it could be cryptojacking.

Especially on a cell phone, this can have disastrous consequences. The lifespan of your device goes down considerably. So pay close attention to all the apps you download because it is your least protected device.

Cryptojacking is usually used to mine lesser-known Proof-of-Work coins, because mining the best-known and most expensive coins requires too much hashing power. Monero is a popular coin to mine with cryptojacking because it requires less hashing power and the extra privacy of the coin prevents detection of the perpetrators.

Extreme cases of cryptojacking

There have been cases where cryptojackers penetrated the operating system of a European water company to start mining for the robbers. The supercomputer at the nuclear warhead research center in Russia was even used for some time to mine Bitcoin!

Drive-by cryptomining

We've already touched on this. The story started with the replacement of advertising with computer time to mine. You went to your favorite website and got free content in exchange for mining time.

In the beginning, this was an honest business. Well-known websites of large organizations asked your permission to mine for crypto while you were on their site, and a piece of JavaScript made this work. If you closed the site, the mining stopped, at least in theory.

Drive-by cryptomining scam

As so often happens with good intentions, things got turned around. Scammers thought this was a good idea too, but had little desire to wait for permission, so hackers infected websites with lots of visitors, or their own, and then installed pop-unders that hid on your computer. They can usually only be detected by antivirus scanners or by logic, such as asking why your computer is rattling away while you are not using it.

Sometimes this spyware is also hidden in a so-called Trojan Horse, where it looks like you're downloading something important or fun, but there's a hidden little program that intrudes into your computer or cell phone. Troy can relate to this. There have been cases of a destructive spyware program that completely destroys your mobile due to overloading.

Malvertising

This is a form of cybercrime in which advertising networks are targeted. These are hacked or simply used to spread viruses, trojans, ransomware and other fun things. Its purpose was to harvest vital data on financial matters, including crypto, and to hijack your computer and demand a fee to return all your files.

Malvertising scaremongering

A common name for this became malvertising. Some of these can even bypass adblockers. Often you also get all kinds of pop-ups scaring you with texts like "your browser has a security vulnerability," "your system is outdated, update Java now" or phrases like that. Often you see an exclamation point next to it or a big red X to make you think something is wrong. Its purpose is to make you click on it, so the malware gets installed and infects your computer.

Malvertising trojans and hijacking

Some malvertising ads are software written so that the trojan or virus loads itself the moment you see it on the screen in the browser or when you click anywhere in the website. Thus, RoughTed software could scan your system and determine important things like your location, operating system and other things that were important to the malvertising.

The intent was to steal your financial data or install software you had to pay for. Often, it also hijacked your browser and continued to monitor your behavior as you were browsing. Malvertising can hijack almost any kind of software, such as apps, dialog boxes with support centers or questionnaires.

Even if you use an adblocker you can still fall victim to this, even though its use is highly recommended. It already helps a lot if you stay away from weird websites that need the revenue, because domains with a high reputation do everything they can to avoid this. In any case, make sure you update your software.

Remote Access Trojans

A Remote Access Trojan (RAT) is malware that allows hackers to access a computer or network remotely. If the RAT is installed, the attackers can steal sensitive information, run commands and monitor the user's behavior. Once the hackers see what crypto transactions you make and what your private keys are, they transfer these funds to themselves.

Ransomware

This form of cybercrime is in the news more often, as even the most important and largest websites are hacked and a hefty ransom is demanded to release the files again. The hackers block access to the computer system or files and do not release everything until the ransom is received.

Encryption as a weapon

Ransoms are often demanded in privacy coins like Monero because the recipient is then untraceable. Encryption has now become an excellent means of securing files from unauthorized access. This is exactly the tool that ransomware uses against websites where there is something to get, such as a government website, a bank or an energy company.

The hackers encrypt all data so that the website administrators can no longer open any files and the website is locked. Such hacked websites then have to pay large sums of money to get the decryption key. Unless they can solve this quickly they have no choice but to pay, because every hour the website is offline costs them money or trust.

Ransomware ranges from a nuisance to a "deadly dilemma."

  1. Screen lockers. A screen locker is still fairly harmless, because only the login is blocked. Many smart people can even solve this with a workaround, without paying a penny.
  2. Encrypting specific information. Crypto ransomware encrypts information stored locally or in the cloud that contains essential information to access your cryptocurrency. This is the reason we always stress to write down this kind of data offline in a notebook so you can still access your coins in all cases, regardless of your software or system. Then, in the worst case of hacking, you can simply reinstall your operating system and start from scratch. Crypto ransomware is very successful and makes billions a year for hackers. In part, this is because the ransom is fairly low, a few hundred euros. Most crypto traders are still willing to pay that to regain access to their crypto currencies. For example, the crypto-ransomware program GandCrab was already generating several billion dollars a year in revenue a few years ago. Of course, new variants are invented all the time when the old ones no longer work. Some of these ransomware programs use intimidation and extortion to make victims fear for their lives or reputations. They often threaten to disclose private data that they would rather not see on the street. But first they encrypt this information so it cannot be taken away.
  3. Encrypting your disk. If you or a company fall victim to this, you can't do anything. Everything is under lock and key, both all your files and your operating system, which has been hijacked. This is most commonly used against wealthy people or businesses because it is so intrusive. If your large fortune or your company's extensive network is under lock and key, you often have little choice but to pay in the hope that an unlock will follow, which is also not always the case. Very large sums of money can be captured with this.

Known crypto spyware

Over time, all sorts of programs have been invented to greatly annoy crypto traders. We will list some of them.

Prometei Botnet

This is used to mine Monero as well as to obtain login credentials. The target is usually a corporate network and it installs mining software through a variety of vulnerabilities in software.

PowerGhost

This is also used to mine cryptocurrency. It enters through phishing and is capable of disabling antivirus programs and other mining activities.

Graboid

Cryptojacking worm that spreads through a container application in the cloud. Once the worm is installed, it starts mining Monero.

Rilide

Very sneaky malware in the form of a browser extension for well-known browsers. This malware watches what you do in your browser, takes screenshots and steals crypto where it can. Rilide can bypass 2FA by forcing a dialog box on you, where you must enter the codes from Google Authenticator or Authy, after which your crypto can be stolen.

Clippers

Malware capable of changing the recipient's wallet address to that of the attacker. If you copy a cryptocurrency address from a wallet, this software can identify it as a crypto wallet address and this hacker software will change this address to his own.
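
A defensive check against the address swap described above, added here as an example (not code from the original article, from a wallet, or from Anycoin Direct): before sending, compare the pasted address in full with the one that was copied and validate its checksum. It covers legacy Bitcoin Base58Check addresses only; the function names and the two sample addresses are constructed for this illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First four bytes of a double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Encode version byte + body + checksum (used here only to build samples)."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # each leading zero byte becomes a "1"
    return "1" * pad + out


def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last four bytes are the checksum."""
    num = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return False
        num = num * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]


def check_paste(copied: str, pasted: str) -> str:
    """Compare what was copied with what arrived in the destination field."""
    copied, pasted = copied.strip(), pasted.strip()
    if not b58check_valid(copied):
        return "source-not-an-address"
    if pasted == copied:  # full comparison, not just the first few characters
        return "ok"
    if b58check_valid(pasted):
        return "substituted"  # a different but well-formed address: the clipper pattern
    return "corrupted"  # truncation or typo, caught by the checksum


# Constructed sample addresses (derived from fixed strings, no known keys).
INTENDED = b58check_encode(0x00, hashlib.sha256(b"constructed sample: recipient").digest()[:20])
ATTACKER = b58check_encode(0x00, hashlib.sha256(b"constructed sample: clipper").digest()[:20])

if __name__ == "__main__":
    print(check_paste(INTENDED, INTENDED))       # ok
    print(check_paste(INTENDED, ATTACKER))       # substituted
    print(check_paste(INTENDED, INTENDED[:-1]))  # corrupted
```

The "substituted" result is the one that matters here: a swapped address passes every format and checksum test, so only a comparison against the original reveals it.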

Chameleon

This malware poses as popular crypto apps, such as software wallets or crypto exchanges. When installed, it behaves like a keylogger and uses fake interfaces to make you believe you are on the real site. So it can steal not only passwords, but also your cryptocurrencies.

Coinhive

This was a 2017 initiative to provide an alternative to showing ads on websites. When you went to a page with Coinhive, you didn't get ads, but your PC's processing power was used to mine Monero. A script on the website could do this automatically using a few lines of JavaScript.

Surfing without advertising

All kinds of websites, such as UNICEF or other charities and companies, that didn't like advertising started working with Coinhive. As long as the page was open in the browser, the mining continued and generated money in the form of Monero coins.

Coinhive was supposed to use some of the computing power of the visitor. But the mother of the china shop is always eager to get the monkey out of the tree.

Surfing without advertising but hacked

Hackers naturally wanted to go all out with this system and fully utilize the computing power of visitors' PCs so that it would yield more. They not only created their own websites with Coinhive techniques, but also hacked sites with many visitors to mine as much Monero as possible.

The moral depravity was evident when it became known that hackers were also targeting websites for the visually impaired because they cannot see that an infection has gotten on their computer.

Meanwhile, The Pirate Bay (peer to peer file exchange) had also installed and poorly configured Coinhive, making it impossible for visitors' PCs to continue working.

The legacy of Coinhive

Coinhive may have stopped in 2019, but the technique did not disappear with it. You can avoid this technique by turning off JavaScript in your main browser or installing special programs like No Coin or MinerBlock in your browser. Another way is to install antivirus or antimalware programs, which are aware of known hacker tricks.

In the extreme, in all the above cases, you have to reinstall your entire computer to get rid of the mess.

How do you know if your computer has spyware?

  • Your computer is incredibly slow, even when you're not doing anything. In that case, it could be that you have a system that is too old and need a new computer, but it could also be that you have spyware on it in some form. You can look in Windows' Task Manager (ctrl-alt-del) to see which processes are using all your resources and do something about it when you find the culprit. Then sometimes you have to start all over again, because sometimes you don't find it or the virus or trojan is too powerful.
  • In Network Manager, you see all kinds of connections to other computers that you don't recognize. These could be suspicious websites that connect to your computer and, for example, are mining or trying to steal crypto.
  • Your computer's startup programs include suspicious programs. In any case, make sure they are no longer started.
  • Put an antivirus or antimalware program to work regularly, especially if you feel something is wrong.

General guidelines against spyware once again

  1. Always download all updates; these often cover security vulnerabilities.
  2. Use antivirus or antimalware.
  3. Use an adblocker.
  4. Open email attachments only if you fully trust the sender.
  5. Use an anti-mining extension in your browser and disable JavaScript if necessary.
  6. Store crypto in the Anycoin Direct Vault or on a hardware wallet.
  7. Scan QR codes instead of copying and pasting crypto addresses.
  8. Keep low amounts in MetaMask and those types of wallets without 2FA.
  9. Do not use Wifi when trading.
  10. Be very careful when downloading any file or app and get them only from trusted websites.
  11. Don't click on advertisements.
  12. Avoid obscure or weird websites. God knows what spyware is waiting for you there.
  13. Never put important information such as passwords, seed phrases or other sensitive information on your computer or in the cloud; write it down offline.
  14. Don't forget that smart devices on the Internet of Things can be a security vulnerability too.

Spyware won't go away; there are always people who like to annoy or scam someone else. When it comes to crypto, it is too important to neglect your protection, as there is often a lot of money involved. So be aware of the dangers.

"Spyware is the revelation of your own personality, embedded in software."
Unknown author